Problem with Iptables.

November 18, 2013 46.6k views
pawlo.gom
By:
pawlo.gom
Hi. I have a problem with Iptables. I can`t use the command: sudo iptables -L, because the error is: FATAL: Could not load /lib/modules/3.2.0-55-virtual/modules.dep: No such file or directory iptables v1.4.12: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. I have installed on my droplet (system ubuntu 12.04) Zpanel and fail2ban according to this guide: https://digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-ubuntu-12-04 Please, help me. Thank for every piece of advice!
3 comments
Log In to Comment
17 Answers
kamaln7 MOD January 15, 2014
@Leandro: You have to install the kernel that you're using: 
sudo apt-get install linux-image-$(uname -r)


Once that's done, it should work. If it doesn't, try rebooting your droplet.
Reply
  • geekmails July 5, 2014

    Thanks. Thats the one i needed.
    it solved my problem.
    Thanks a lot.

    just use the following command guys 

    sudo apt-get install linux-image-$(uname -r)
kamaln7 MOD November 20, 2013
You must install the kernel package corresponding to the kernel you set your droplet to boot from (using our control panel).
Reply
pablo November 18, 2013
Check out How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.
How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
Reply
vps November 18, 2013
Did you update your kernel by chance?

I had a similar problem with playing around with new kernel. Any update would break UFW.

Never bothered to try to find correct answer just moved kernel back to default.


Reply
kamaln7 MOD November 20, 2013
In your case it would be 3.2.0-55-virtual
Reply
will-v-king December 12, 2013
in my case, uname said the kernel is 3.2.0-55-virtual .
and it is 3.2.0-55-virtual in my control panel - settings - kernel.
but still got the error:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
FATAL: Could not load /lib/modules/3.2.0-55-virtual/modules.dep: No such file or directory
iptables v1.4.12: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Reply
will-v-king December 12, 2013
oh, I found the problem:
ls /lib/modules/
3.2.0-23-virtual

Reply
lpcorrea January 15, 2014
Hi Will, I´m having the same problem whit the same version, how do I update/upgrade the /lib/modules? In my case under this folder I have two folders (3.2.0-24-virtual and 3.2.0-48-virtual) and I´m using 3.2.0-55-virtual as you...
Reply
martin.jozef March 23, 2014
Kamal Nasser, Thank you for the no hassle solution. It worked, ufw started working again after a reboot.
Reply
dustinmatlock April 7, 2014
I'm having the same issue. I've not changed the kernal from what was installed.
Reply
chas.snider May 1, 2014
I moved it back to the default, but it still doesn't work.

uname -r
3.5.0-17-generic
ls /lib/modules/
drwxr-xr-x 4 root root 4096 May 1 11:03 3.5.0-17-generic

modprobe ip_tables
FATAL: Error inserting ip_tables (/lib/modules/3.5.0-17-generic/kernel/net/ipv4/netfilter/ip_tables.ko): Operation not permitted

FATAL: Error inserting ip_tables (/lib/modules/3.5.0-17-generic/kernel/net/ipv4/netfilter/ip_tables.ko): Operation not permitted
iptables v1.4.12: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Reply
asb MOD May 1, 2014
@chas.snider: It sounds like there is a mismatch between the kernel you have installed and the kernel selected in the DigitalOcean panel. Make sure the versions match.
Reply
sdpagent August 14, 2014

sudo apt-get install linux-image-$(uname -r)

fixed the issue for me

Thanks @Kamal

Reply
quim October 26, 2015

sudo apt-get install linux-image-$(uname -r)

worked for me also! thanks!

Reply
Johnnierock August 15, 2016

What is the process for a solution for Centos 7?
Looks like I was in panic mode when I posted this question. I did correct the issue by injecting the new kernel from the management section and powered down and back up. Evidently the kernel is independently managed and I did not know that.

Reply
simplylizz June 26, 2017

Another advice is to try reinstall kernel:
sudo apt-get install --reinstall linux-image-$(uname -r)

Reply
phil2k January 16, 2018

The problem still exists in the latest version of the kernel selected for a dropbox with Ubuntu 16.04: "Ubuntu 16.04 x64 vmlinuz 4.4.0-28-generic", kernel modules becoming somehow "ephemeral" (disappearing after the reboot) + making the floating IP not working anymore:

# iptables -nvL
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.4.0-28-generic
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
# uname -a
Linux do1 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Also I tryed to reinstall the packages linux-image-4.4.0-28-generic & linux-headers-4.4.0-28-generic, but after a reboot (or a cold restart of the droplet), the kernel modules needed for iptables are missing again, having to reinstall them by hand again.

Also, this effect somehow negatively affects the Floating IP, making not forwarding any more packets to the real IP of the droplet, than after I tried to reassing the IP (even with unassing & assing) only syn-packets are seen by the droplet:

# tcpdump -ni ens3 tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
01:09:12.412367 IP 46.229.168.74.13662 > 10.19.0.5.80: Flags [S], seq 4276730076, win 29200, options [mss 1460,sackOK,TS val 2958302465 ecr 0,nop,wscale 7], length 0
01:09:12.476775 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [SEW], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523651869 ecr 0,nop,wscale 7], length 0
01:09:12.976502 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:13.478790 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652120 ecr 0,nop,wscale 7], length 0
01:09:13.997644 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:14.656615 IP 46.229.168.79.41028 > 10.19.0.5.80: Flags [S], seq 2031893919, win 29200, options [mss 1460,sackOK,TS val 1861357496 ecr 0,nop,wscale 7], length 0
01:09:15.498728 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652625 ecr 0,nop,wscale 7], length 0

Than after a while, these packages are not seen anymore.

There's no firewall configured (after reinstalling the kernel modules by hand, there are no rules):

# apt-get install --reinstall linux-image-generic linux-headers-generic linux-image-`uname -r` linux-headers-`uname -r`
...
# iptables-save 
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*raw
:PREROUTING ACCEPT [409:29597]
:OUTPUT ACCEPT [279:41334]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*mangle
:PREROUTING ACCEPT [409:29597]
:INPUT ACCEPT [409:29597]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [281:42238]
:POSTROUTING ACCEPT [281:42238]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*nat
:PREROUTING ACCEPT [15:753]
:INPUT ACCEPT [15:753]
:OUTPUT ACCEPT [10:886]
:POSTROUTING ACCEPT [10:886]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*filter
:INPUT ACCEPT [1460:132563]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1196:222500]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
Reply
Have another answer? Share your knowledge.